How to deal with the changing IT landscape and GRC risks

http://www.DellSoftware.com/IT-GRC This episode from the "Maintaining continuous compliance in a chaotic world" video series explains the evolving landscape of IT and the GRC risks that come with it.

[MUSIC PLAYING] Hi, and welcome to this first episode of the series "Maintaining Continuous Compliance in a Chaotic World." My name is Thom Brainard, Product Marketing Manager at Dell Software. And I'll be your host for this series.
As you know, the IT landscape is under a constant state of change, and with that comes uncertainty and risk. It's often on the shoulders of IT to ensure systems are available, secure, and that policies-- be they internal or external-- are being adhered to. Yet, we see examples in the news all the time, of data breaches and leaks of sensitive data, and as a result, failed audits.
How do organizations stay one or five, if not 10, steps ahead to the threats that constant change brings? For instance, do you know, in this very moment, who has access to what, and what they're doing with that access. Or how about the latest updates to regulatory mandates like PCI DSS, and HIPAA?
In this first episode, we'll explore the importance of IT governance, risk, and compliance, as well as the common failures to watch out for. We'll also discuss how Dell can help.
Joining me today is Tim Sedlack, Senior Product Manager for our IT GRC solutions here at Dell. Hey, Tim, welcome.
Thanks, Tom, happy to be here.
Great. Hey, Tim, as I've said, the IT landscape is under a constant state of change. Why do you think this? Is and what are some of the changes you've seen that create security and compliance risks?
Well, Tom, today's IT environments are much more dynamic with the introduction of things like cloud and third-party services. They make it challenging to keep up to date with how information is shared and where it's stored, among other reasons. The secondary reason that it's challenging is, regulations are in a state of flux. So they're updated by the boards that own the regulations, and requirements are constantly changing.
Finally, I'd say that software itself, that does the managing or auditing, also needs to be kept up to date. And sometimes, people aren't staying up to date with the latest information on that software as well. Those three things really make it difficult to keep you in a constant state of compliance 24/7, 365.
OK. So in this complex environment, what are the common IT GRC mistakes you see?
Yeah, Tom, good question. One of the most common errors that I see is people providing too much information. As the auditor comes in looking for answers to specific requests around requirements, it's incumbent upon you to give them answers to their questions. And what I see people doing is providing reams and reams of information to the auditors. And this allows them to dig deeper and spend more time in your environment. And that's not really something you want.
So there's such a thing as giving too much information?
Oh, absolutely.
So how can Dell help with this type of issues and these types of reporting requirements?
So Dell looks at governance risk and compliance as a complete life cycle. You discover or assess your environment. You audit and comply within your environment. You manage your environment, and you provide a way to recover your environment.
It really is a four-step cycle. And we've got products that cover individual areas and cross the boundaries of those four aspects of governance, risk, and compliance.
OK. So obviously Tim, you consult with a lot of customers. What kinds of things are they telling you? What are the issues they're finding most difficult?
Well, some of the challenges that I hear about as I travel around the world are staying up to date on regulations and how you make adjustments to your environment, to encompass those changes and make sure you're constantly compliant or continuously compliant.
Thanks, Tim, that's good stuff. Thanks for sharing. Where can our viewers reach you, if they have any questions or want more information?
Sure, you can reach me at Tim.Sedlack@Software.Dell.com.
OK, great. So that's all we have time for today. Thanks again, Tim, for joining us.
Thank you, Tom.
As you heard, Tim explained the importance of IT governance, risk, and compliance and warned us about some common problems. If you'd like to learn more about how solutions from Dell Software can help address your IT GRC needs, please visit the URL on your screen. And thanks again for watching.
[MUSIC PLAYING]